How to update expire Aras certifies

Hi Haider and Hkhan,

were you able to find a solution for this one?

I need to find a solution...till 2024. So there is no real hurry. But I think this topic will become relevant for many users who don´t update on a regular basis. So it´s better to be prepared.

I haven´t done any tests regarding custom certificates yet. And so far I haven´t seen any document related to certificates in https://www.aras.com/support/documentation/ . Not sure if Aras is aware of the issue. 

IMPORTANT: For anyone who came across this post by accident: If you use the same Innovator 12+ instance for around 2 years, check the validity of your certificates. You might be affected by the topic of this post too. 

Hope this posts gets more attention.

Thanks again for bringing up the topic!

Angela

Hello Angelalp,

I contacted Aras for help and the following is the solution they provided 

To generate new certificates:

1. Download from the FTP site i have added to this page 
2. Open a command prompt window as Administrator
3. Navigate to the folder containing CreateOAuthCertificates.bat
4. Execute the following command to generate certificates:

            CreateOAuthCertificates.bat <ServerName> <Password>

   Where:

ServerName – the name of the server for which a certificate should be generated (OAuthServer, InnovatorServer, VaultServer, AgentService, SelfServiceReporting).

Password – the password for the private certificate.

Note: Each run of the batch file generates a pair of certificates in the {Current_Directory}\Output\ directory, for example: OAuthServer.cer (public certificate) and OAuthServer.pfx (private certificate protected by the password). You will need to run this for each part of the application components.

Once the Certificates have been created copy them the corresponding directories.

Deploying the OAuthServer Certificates:

• Copy OAuthServer.pfx to OAuthServer\App_Data\Certificates\
• Copy the OAuthServer.pfx to the following folders:
  • OAuthServer\App_Data\Certificates\
  • Innovator\Server\App_Data\Certificates\
  • SelfServiceReporting\App_Data\Certificates\
  • VaultServer\App_Data\Certificates\
• Specify the password in oauth\server\tokenSigning\certificate\@password attribute of OAuthServer\OAuth.config file.

Deploying the Aras Innovator Server Certificates

• Copy InnovatorServer.pfx to Innovator\Server\App_Data\Certificates\.
• Copy InnovatorServer.cer to OAuthServer\App_Data\Certificates\.
• Specify password in oauth\client\secret\certificate\@password attribute of Innovator\Server\OAuth.config file.

Deploying the Vault Server Certificates:

• Copy VaultServer.pfx to VaultServer\App_Data\Certificates\.
• Copy VaultServer.cer to OAuthServer\App_Data\Certificates\.
• Specify password in oauth\client\secret\certificate\@password attribute of VaultServer\OAuth.config file.

Deploying the Agent Service Certificates

• Copy AgentService.pfx to AgentService\App_Data\Certificates\.
• Copy AgentService.cer to OAuthServer\App_Data\Certificates\.
• Specify password in oauth\client\secret\certificate\@password attribute of AgentService\OAuth.config file.

Deploying the Self Service Reporting Certificates:

• Copy SelfServiceReporting.pfx to SelfServiceReporting\App_Data\Certificates\.
• Copy SelfServiceReporting.cer to OAuthServer\App_Data\Certificates\.

Specify password in oauth\client\secret\certificate\@password attribute of SelfServiceReporting\OAuth.config file.

Hi Hkhan,

many thanks for sharing this information! I made a quick test and the resulting certs lock fine.

I am a little bit proud that my earlier openssl idea wasn´t so wrong at all. It´s exactly the same concept that Aras uses.

Best wishes!

Angela

Hi Hkhan,

many thanks for sharing this information! I made a quick test and the resulting certs lock fine.

I am a little bit proud that my earlier openssl idea wasn´t so wrong at all. It´s exactly the same concept that Aras uses.

Best wishes!

Angela